Hi again,
At first I could not download Combofix from the link you gave me; however, you also gave a link for the Combofix tutorial, and there I found a Combofix download that worked for me.
So, I disabled my AVG and the shield of AVG until next restart and then I ran Combofix.
Combofix noticed I did not have a Microsoft Recovery Console installed and then it installed one for me.
Here is the report:
ComboFix 12-06-12.01 - Anke 12-06-2012 19:40:57.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1023.500 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Anke\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\_backupD
c:\_backupd\sts.txt
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\Anke\Application Data\PriceGong
c:\documents and settings\Anke\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Anke\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Anke\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Anke\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1cd2a1d287e68bb6.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\59dfd5520e39bb39.fb
c:\windows\system32\Cache\5b4ec600a44d4ed4.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\ceebbcb_s.dll
c:\windows\system32\OLDBC3.tmp
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\regdacl
c:\windows\system32\regdacl\doc\RegAudit.GIF
c:\windows\system32\regdacl\doc\RegAudit_e.htm
c:\windows\system32\regdacl\doc\RegDACL.GIF
c:\windows\system32\regdacl\doc\RegDACL_el.htm
c:\windows\system32\regdacl\doc\RegDACL_er1.htm
c:\windows\system32\regdacl\doc\RegDACL_er2.htm
c:\windows\system32\regdacl\doc\RegDACL_er3.htm
c:\windows\system32\regdacl\doc\RegDACLe.htm
c:\windows\system32\regdacl\doc\RegLast_e.htm
c:\windows\system32\regdacl\doc\RegOwner.GIF
c:\windows\system32\regdacl\doc\RegOwner_e.htm
c:\windows\system32\regdacl\doc\SMWNCV.cmd
c:\windows\system32\regdacl\Freeware_en.txt
c:\windows\system32\regdacl\Orderinfo.htm
c:\windows\system32\regdacl\RegToolsHelp.htm
c:\windows\system32\SET1063.tmp
c:\windows\system32\SET2F1.tmp
c:\windows\system32\SET2FD.tmp
c:\windows\system32\SET30A.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))
.
.
2012-06-10 13:20 . 2012-06-10 13:20 388096 ----a-r- c:\documents and settings\Anke\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-10 12:22 . 2012-06-10 12:22 -------- d-----w- c:\documents and settings\Anke\Local Settings\Application Data\WiseConvert
2012-06-10 12:21 . 2012-06-10 13:21 -------- d-----w- c:\program files\WiseConvert
2012-06-10 12:17 . 2012-06-10 12:17 -------- d-----w- c:\program files\ERUNT
2012-06-08 08:13 . 2012-06-08 08:13 -------- d-----w- c:\documents and settings\Anke\Local Settings\Application Data\AVG Secure Search
2012-06-05 17:12 . 2012-06-05 17:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-06-02 21:06 . 2012-06-02 21:06 -------- d-----w- C:\rsit
2012-06-01 16:10 . 2012-06-01 16:10 -------- d-----w- c:\program files\ESET
2012-05-27 14:06 . 2012-05-27 14:06 -------- d-----w- c:\documents and settings\Anke\Local Settings\Application Data\Sun
2012-05-20 17:04 . 2012-05-20 17:04 -------- d-----w- c:\program files\Common Files\Java
2012-05-20 17:02 . 2012-05-20 17:02 -------- d-----w- c:\program files\Oracle
2012-05-20 17:02 . 2012-05-20 17:02 -------- d-----w- c:\documents and settings\Anke\Application Data\Oracle
2012-05-20 17:02 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-20 16:22 . 2012-05-20 16:22 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-20 15:53 . 2012-05-20 15:53 -------- d-----w- c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2001-09-07 10:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 17:02 . 2012-03-09 20:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-12 07:17 . 2012-04-04 16:48 419488 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-12 07:17 . 2011-05-13 19:07 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:55 . 2001-09-06 17:53 2073472 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2001-09-07 10:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2001-09-07 10:00 2196992 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 03:17 . 2010-11-09 21:20 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2006-07-27 14:00 . 2006-07-27 14:00 11071378 -c--a-w- c:\program files\ndntnlst.exe
2006-06-24 17:27 . 2006-06-24 17:27 9976964 -c--a-w- c:\program files\nentnlst.exe
2006-05-23 16:54 . 2006-05-23 16:54 590 -c--a-w- c:\program files\layout.bin
1998-10-27 11:06 . 1998-10-27 11:06 27648 -c--a-w- c:\program files\_ISDel.exe
1998-09-29 14:34 . 1998-09-29 14:34 34816 -c--a-w- c:\program files\_Setup.dll
2001-09-07 10:00 94784 -csha-w- c:\windows\twain.dll
2008-04-14 17:02 50688 -csha-w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 -csha-w- c:\windows\system32\mfc42.dll
2008-04-14 17:02 57344 -csha-w- c:\windows\system32\msvcirt.dll
2008-04-14 17:02 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 17:02 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 17:02 84992 -csha-w- c:\windows\system32\olepro32.dll
2008-04-14 17:03 12288 -csha-w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-08 08:13 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-06-08 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-16 94208]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-03 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"AirPort Base Station Agent"="c:\program files\AirMac\APAgent.exe" [2009-11-11 771360]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-08 1116544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:03 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Anke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Anke\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Phoenix Viewer\\SLVoice.exe"=
"c:\\Program Files\\Phoenix Viewer\\SLPlugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Dvd- of cd-deling\\ODSAgent.exe"=
"c:\\Program Files\\Dvd- of cd-deling\\RemoteInstallMacOSX.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\AirMac\\APAgent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-04-2012 4:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-09-2010 4:48 31952]
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17-06-2009 14:01 20744]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-09-2010 4:48 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09-11-2010 23:20 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-02-2012 4:53 193288]
R2 GLiIoEye;GLiIoEye;c:\windows\system32\drivers\GLiIoEye.sys [16-10-2009 15:35 4736]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [08-06-2012 10:13 932736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30-04-2012 9:44 5106744]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01-05-2011 15:18 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [23-02-2012 19:49 2348352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [04-04-2012 18:48 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [03-12-2010 22:29 1025352]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17-06-2009 14:02 29192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [01-05-2011 15:18 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17-06-2009 14:01 25480]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - CRYSTALSYSINFO
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 07:17]
.
2012-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-03 19:16]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 13:18]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-01 13:18]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1606980848-725345543-1003Core.job
- c:\documents and settings\Anke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-01 16:48]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1606980848-725345543-1003UA.job
- c:\documents and settings\Anke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-01 16:48]
.
2012-06-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.startpagina.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: microsoft.com \www
Trusted Zone: raet.nl\webmail
TCP: DhcpNameServer = 62.179.104.196 213.46.228.196
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Network Stumbler - c:\program files\Network Stumbler\uninst.exe
AddRemove-Picasa 3 - c:\program files\Picasa2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-06-12 19:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]%2*:*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-343818398-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*]%2*:*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-343818398-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%w* *]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-343818398-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c%w* *\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø€|ÿÿÿÿ €|ù9~ *]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2012-06-12 19:50:34
ComboFix-quarantined-files.txt 2012-06-12 17:50
.
Pre-Run: 7.432.114.176 bytes beschikbaar
Post-Run: 7.532.908.544 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4112E5C1B001879C18B39E9C337FF794
I noticed a PriceGong thing and I never downloaded that nor do I recall installing anything with prices.
How can it be here? Is it totally removed by Combofix now?
Edited by Suus, 12 June 2012 - 12:17 PM.